[Secure-testing-commits] r36364 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 28 11:33:59 UTC 2015
Author: carnil
Date: 2015-08-28 11:33:59 +0000 (Fri, 28 Aug 2015)
New Revision: 36364
Modified:
data/CVE/list
Log:
Update CVE-2015-5237 as well for wheezy and jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-28 11:30:11 UTC (rev 36363)
+++ data/CVE/list 2015-08-28 11:33:59 UTC (rev 36364)
@@ -3611,7 +3611,9 @@
RESERVED
CVE-2015-5237 [Integer overflow in protobuf serialization]
RESERVED
- - protobuf <unfixed>
+ - protobuf <unfixed> (low)
+ [jessie] - protobuf <no-dsa> (Minor issue)
+ [wheezy] - protobuf <no-dsa> (Minor issue)
[squeeze] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/google/protobuf/issues/760
NOTE: Upstream doesn't seem to consider this a real issue. And Florian itself closed it as CANTFIX on the RedHat side. Maybe we should tag this unimportant instead? --Raphael Hertzog
More information about the Secure-testing-commits
mailing list